aptdaemon debconf-communicate should be running as root
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
aptdaemon (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
aptdaemon runs as the session user. It needs to spawn debconf-communicate to interact with the user when packages have debconf questions; which often needs to be done as root (or otherwise have sufficient privileges) since packages may want to prompt for passwords, which use a different, more secure debconf database than the main config one.
aptdaemon probably should be spawning debconf-communicate as root, at the cost of prompting the user for a password when debconf access is necessary.
This became readily apparent with https:/
There should not be any additional password prompting as part of spawning debconf-communicate as root. This should be encompassed by the existing security policy for running apt itself.